summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2016-05-28 23:25:25 +0200
committerGravatar Christian Hesse <mail@eworm.de>2016-05-28 23:25:25 +0200
commitca67c46edf1c0543ce58bd075c565e1cb9a5a926 (patch)
treed5c026c4113960d8828695e99a7e40e2482c162d
parentb6cc20e9c27ddf4b4ca8a58ef7aa990885229157 (diff)
parent21075238bba7c633fc84657322391664f1770368 (diff)
downloadmkinitcpio-ykfde-ca67c46edf1c0543ce58bd075c565e1cb9a5a926.tar.gz
mkinitcpio-ykfde-ca67c46edf1c0543ce58bd075c565e1cb9a5a926.tar.zst
Merge branch 'systemd-units'
-rw-r--r--Makefile2
-rw-r--r--README-mkinitcpio.md4
-rw-r--r--mkinitcpio/ykfde12
-rw-r--r--systemd/ykfde-2f18
-rw-r--r--systemd/ykfde-2f.service2
-rw-r--r--systemd/ykfde-notify.service22
6 files changed, 31 insertions, 29 deletions
diff --git a/Makefile b/Makefile
index 9dae5cd..e0b85a0 100644
--- a/Makefile
+++ b/Makefile
@@ -42,7 +42,7 @@ install-bin: bin/ykfde udev/ykfde
$(INSTALL) -D -m0755 grub/09_linux $(DESTDIR)/etc/grub.d/09_linux
$(INSTALL) -D -m0644 systemd/ykfde.service $(DESTDIR)/usr/lib/systemd/system/ykfde.service
$(INSTALL) -D -m0644 systemd/ykfde-2f.service $(DESTDIR)/usr/lib/systemd/system/ykfde-2f.service
- $(INSTALL) -D -m0755 systemd/ykfde-2f $(DESTDIR)/usr/lib/systemd/scripts/ykfde-2f
+ $(INSTALL) -D -m0644 systemd/ykfde-notify.service $(DESTDIR)/usr/lib/systemd/system/ykfde-notify.service
$(INSTALL) -d -m0700 $(DESTDIR)/etc/ykfde.d/
install-doc: README.html README-mkinitcpio.html README-dracut.html
diff --git a/README-mkinitcpio.md b/README-mkinitcpio.md
index 9f2ee4a..1d1833a 100644
--- a/README-mkinitcpio.md
+++ b/README-mkinitcpio.md
@@ -13,8 +13,10 @@ To compile and use yubikey full disk encryption you need:
* [iniparser](http://ndevilla.free.fr/iniparser/)
* [systemd](http://www.freedesktop.org/wiki/Software/systemd/)
* [cryptsetup](http://code.google.com/p/cryptsetup/)
-* keyutils and linux with `CONFIG_KEYS`
+* keyutils and linux with `CONFIG_KEYS` enabled
* [mkinitcpio](https://projects.archlinux.org/mkinitcpio.git/)
+* sleep (from [coreutils](http://www.gnu.org/software/coreutils)) and
+ pkill (from [procps-ng](https://gitlab.com/procps-ng/procps))
* [markdown](http://daringfireball.net/projects/markdown/) (HTML documentation)
* [libarchive](http://www.libarchive.org/) (Update challenge on boot)
diff --git a/mkinitcpio/ykfde b/mkinitcpio/ykfde
index 5a407f5..4932dfd 100644
--- a/mkinitcpio/ykfde
+++ b/mkinitcpio/ykfde
@@ -11,15 +11,11 @@ build() {
add_systemd_unit cryptsetup-pre.target
add_systemd_unit ykfde-2f.service
add_symlink /usr/lib/systemd/system/sysinit.target.wants/ykfde-2f.service ../ykfde-2f.service
- add_file /usr/lib/systemd/scripts/ykfde-2f
+ add_systemd_unit ykfde-notify.service
+ add_symlink /usr/lib/systemd/system/sysinit.target.wants/ykfde-notify.service ../ykfde-notify.service
add_binary systemd-ask-password
-
- # shell and commands
- local applet
- add_binary /usr/lib/initcpio/busybox /usr/bin/busybox
- for applet in cat kill sh sleep; do
- add_symlink "/usr/bin/${applet}" busybox
- done
+ add_binary pkill
+ add_binary sleep
fi
}
diff --git a/systemd/ykfde-2f b/systemd/ykfde-2f
deleted file mode 100644
index c34bde8..0000000
--- a/systemd/ykfde-2f
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-# (C) 2016 by Christian Hesse <mail@eworm.de>
-#
-# This software may be used and distributed according to the terms
-# of the GNU General Public License, incorporated herein by reference.
-
-systemd-ask-password --no-tty --keyname='ykfde-2f' 'Please enter second factor for Yubikey full disk encryption!' >/dev/null
-
-if [ -s '/run/ykfde.pid' ]; then
- kill -USR1 $(cat '/run/ykfde.pid')
- # ykfde started from udev needs a moment to set up the key
- # in store. It is out of systemd control, so wait a moment
- # here.
- sleep 0.2
-fi
-
-true
diff --git a/systemd/ykfde-2f.service b/systemd/ykfde-2f.service
index cfdab43..33f034f 100644
--- a/systemd/ykfde-2f.service
+++ b/systemd/ykfde-2f.service
@@ -14,4 +14,4 @@ ConditionPathExists=/etc/ykfde.d/
Type=oneshot
RemainAfterExit=yes
TimeoutSec=0
-ExecStart=/usr/lib/systemd/scripts/ykfde-2f
+ExecStart=/usr/bin/systemd-ask-password --no-tty --no-output --keyname='ykfde-2f' 'Please enter second factor for Yubikey full disk encryption!'
diff --git a/systemd/ykfde-notify.service b/systemd/ykfde-notify.service
new file mode 100644
index 0000000..04a4d46
--- /dev/null
+++ b/systemd/ykfde-notify.service
@@ -0,0 +1,22 @@
+# (C) 2016 by Christian Hesse <mail@eworm.de>
+#
+# This software may be used and distributed according to the terms
+# of the GNU General Public License, incorporated herein by reference.
+
+[Unit]
+Description=Notify ykfde about key
+DefaultDependencies=no
+Before=cryptsetup-pre.target
+Wants=cryptsetup-pre.target
+Requires=ykfde-2f.service
+After=ykfde-2f.service
+ConditionPathExists=/run/ykfde.pid
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/pkill -USR1 --pidfile /run/ykfde.pid
+# ykfde started from udev needs a moment to set up the key
+# in store. It is out of systemd control, so wait a moment
+# here.
+ExecStart=/usr/bin/sleep 0.2